Hi team,
I am working on Web Services Connection and we are facing issue that once the users are getting disabled after aggregation create account is getting called automatically.
@Faizan9097 can you please elaborate more on this?
- Are you deleting or disabling the account in the target system in the event of termination? if deleting or disabling make sure it gets disabled or deleted.
- Is account correlated to the identity if disabled?
- Do you have a birthright role which is getting triggered incase you have deleted the account in the event of termination?
Regards,
Shekhar Das
- I am deleting the account in the Target.
- Yes it is getting correlated after aggregation.
- No , it is reqestable application
How did you come to the conclusion that create account is getting triggered? Can you share some insights? Like account activity, events?
Check after you terminate the user whether it actually deleting the account in the target system. (are you using a before provisioning rule to change the disable operation to delete or have configured delete API in the disable http operation?)
Mostly seems like the account is not getting deleted in the target and while you run aggregation it comes back.
Regards,
Shekhar Das
1.Yeah from account activity I am can see that create account got trigger.
2.Yes after termination the account is getting deleted from target(checked).No I am not using before OperationRule to disable.
3. Right now my account account is not working perfectly fine it is scanning only 1 st page records only.
Hi @Faizan9097,
Take a look at the below solution and see if it applies to you. If you are deleting accounts without removing the entitlements assigned from the request center, IDN could re-trigger the entitlement assignment and account creation.
1 Like
Hi Jesvin,
Yeah we know that Entitlement have sticky nature but I am provisioning users through access Profile .
Are you assigning access profiles through lifecycle state and the user remain in the lifecycle state after termination too.?
Access profiles are enforced too.
No I am not assigning access Profiles through lifecycle state.
If you don’t see the CREATE account event, then most likely SailPoint is not creating the new account. Check the system ID of the account before delete and “new” account that you think is created. If they are the same, then it’s not recreated by SailPoint
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.